back to article 50 day lullaby of Lulzsec is over .. for now

After fifty days of wreaking security busting mayhem on websites round the globe, Lulzsec says it's hanging up its hacking hats. Perhaps to forestall accusations either that its members were sinking the LulzBoat in response to rival TeamPoison's threat to expose its members, or that they're clearing out the basement before the …

COMMENTS

This topic is closed for new posts.
  1. bolccg
    Joke

    agoraphobia

    seems like a reason to keep someone in?

    1. Anonymous Coward
      Joke

      FBI officials?

      "...he had been diagnosed with Asperger's syndrome since his arrest and has agoraphobia..."

      Pity it wasn't Tourette's: he could just tell them to 'Fuck off.'

      1. Titus Technophobe
        Thumb Up

        ..... breaking news

        Watch and wonder as Mrs 'Lulzsec's Mum' reads this and declares that he has Tourette's syndrome on top of the Agoraphobia and Aspergers.

        May be I am the only cynical one who thinks it just a little more than coincidental that when these Über hackers get caught they suddenly develop a whole range of psychological problems?

        Cue furious flicking through the pages by anonymous mothers ..........

        1. ClareCares
          Thumb Down

          Joke ?

          How can you joke about this? It is clear to me that this youngster can't be responsible for his actions, and that the authorities are overreacting. He is unlikely to get a fair trial, and receive a punishment far worse than is justified. This is UK/US injustice at it's very best.

          What mother would do anything different?

          1. Anonymous Coward
            Anonymous Coward

            @Clare

            I've worked with a few and personally known one person with Asbergers: Unless very severe, Asbergers does not prevent you from knowing the difference between right and wrong or from being responsible for your actions. Certainly not if it went undiagnosed until he was arrested.

            As for asserting that he won't get a fair trial, you're drifting off into conspiracy - If it goes to trial, it will be like all trials in the UK, open and held in public. You can make a decision at that point if you think it's not fair, but as I struggle to think of miscarriges of justice in the last 20odd years, I'll stick with a default position of fair, until appears to be otherwise.

            1. Bullseyed
              Go

              Re AC

              "I've worked with a few and personally known one person with Asbergers: Unless very severe, Asbergers does not prevent you from knowing the difference between right and wrong or from being responsible for your actions. Certainly not if it went undiagnosed until he was arrested."

              Given that many people who have read the LulzSec stories and don't have any known psychological problems don't think that he or any of the members did anything wrong, you have no ground to stand on for this argument.

              If you stand naked in your front window as the school bus passes, are you guilty of indecent exposure or are they guilty of violating your privacy?

              1. Anonymous Coward
                FAIL

                Title

                Just because you don't think they did anything wrong doesn't mean it wasn't illegal.

                Hint: accessing systems without permission and taking a dump of the database != legal behaviour

              2. Titus Technophobe

                @Bullseyed

                ..... and yet if you are found to have DDoS attacked a web site you may be found guilty of an offense under the Computer Misuse act 1990. How do your various analogies, such as the one above, and the other one about leaving furniture out, suggest that LulzSec haven't done anything wrong?

              3. david wilson

                @Bullseyed

                >>"Given that many people who have read the LulzSec stories and don't have any known psychological problems don't think that he or any of the members did anything wrong, you have no ground to stand on for this argument."

                Forget 'wrong', how many of them are confident he and the rest of them didn't do anything *illegal*?

                I'm pretty sure that the average prison has loads of people in it who have managed to convince themselves that they haven't really done anything 'wrong', and that any negative outcomes of their actions are really someone else's fault.

                If someone made a judgement about the actions of a whole group of people *without even being aware of all the actions those people did*, I'd have to wonder why they were so particularly keen to believe in the innocence of the people in question.

                I certainly wouldn't put much trust in the judgement having been reached in good faith, rather than being leapt to as a result of simple rationalisation.

              4. Anonymous Coward
                Anonymous Coward

                @Bullseyed

                So, if they didn't think that they were doing anything wrong, why would they go to such lengths to stay anonymous?

                Also, why did they go on about "doing it for the lulz"? That implies that they knew it was wrong.

              5. JC 2

                @ Re AC

                On the contrary, you don't seem to understand that trials and law do not have anything to do with what a handful of people think is "right" or "wrong".

                They depend on L A W. If you disapprove of laws, act to change them BEFORE, not AFTER someone gets caught up in a violation, because to have justice, that law must apply just as it had to all those who came before and were tried under it, else it gets elevated to a higher court to decide.

                You must be kidding though, to take a vigilante position attacking person(s) because you disapprove of what they do is not wrong? Of course it is, the legal system is the recourse for such things and just as it is that you should let your voice be known to repeal unjust laws, so you should also voice what new laws are needed to keep moving toward justice. Vigilantism cannot fit into this model, it is based on subjective decisions instead of popular vote regardless of what some herd of teenagers with nothing better to do, agree upon to fit in with their peers.

          2. Graham Wilson
            Flame

            @ClareCares--Right, he won't get a fair trial because he's embarrassed the IT Establishment.

            Whether the kid is responsible for his actions remains to be seen, however there's no doubt that those caught hacking become scapegoats for a failed, totally inadequate, security system--especially so when their primary purpose is just to hack rather than premeditated cyber crime.

            It's clear to me that the IT Establishment has set out to make an example of such kids and throw the book at them because it is embarrassed by its sheer longstanding incompetence and utter inability to protect its IT systems. It's a classic case of 'blame anyone but yourself' and amateur hackers are the obvious target.

            It seems revenge is a lot easier than being professionally competent. Over the years, we've witnessed the deliberate revenge the Establishment has handed out to those that embarrass it--from hackers and crackers such as Kevin Mitnick and Jon Johansen to music downloaders like Joel Tenenbaum, all are held up as Satan incarnate. When caught, these people are severely punished and ostracised worldwide yet a bank safecracker is likely to get little more than page-3 notoriety in the local press.

            That for many years kid hackers have continually outwitted and made fools of the world's best security experts points us to the REAL culprits--the IT Establishment itself. It's the so-called IT security experts and the manufacturers of Swiss-cheese code such as the Microsofts of this world who are truly responsible for this problem, not a few amateur hackers; yet, as they control establishment power, they not only all get off scot-free and avoid imprisonment but they've real power to shift the full blame onto those who ought to be just bit players.

            Those with power can and do and have always set the agenda here; it's never been set by what's morally and technically right or correct.

            Users are responsible for protecting their own IT systems in the same way I'm responsible for protecting my wallet. If I don't button up my back pocket or I throw banknotes in the street then it's silly for me to expect that they're going to remain there indefinitely. Banks have long understood this when it comes to locking up and securing cash but it seems that after 50-plus years the IT world has yet still to learn this fact let alone understand how to fix the problem.

            The reaction and indignation to Lulzsec by those in the know is the hight of hypocrisy. And that to ordinary citizens, legislators etc., the IT Establishment can hide behind the mumbo-jumbo world of IT security doesn't make it any less so. In reality, the spotlight ought to be focused much more on the IT security profession than on Lulzsec.

            Furthermore, that IT security is in such tatters is both serious and alarming. Clearly, if a bunch of amateur hackers can, at will, bring large corporate systems to their knees then just imagine what would happen in an all-out orchestrated cyber war carried out by a foreign power with unlimited resources at its disposal. Frankly, it's hard to believe IT security is in such a shambles but it can't be denied as Lulzsec's provided the necessary proof.

            With proper well engineered IT security commonplace, Lulzsec would find something more interesting to do than to show how flawed IT security really is. Pride aside, we ought to take our hats off to them for showing us the way forward.

            Presumably, all the thumbs-downs to your post have come from second-raters who don't have a good handle on IT security; clearly they're jealous of Lulzsec's superior IT security skills.

  2. Anonymous Coward
    Headmaster

    typo alert

    >"Clearly’s defense"

    Cleary's defense.

    1. Anonymous Coward
      Headmaster

      Massive typo alert

      >"Clearly's defense attorney"

      Cleary's defence lawyer.

  3. moiety

    I've enjoyed...

    ...hearing about LulzSec's forays. Can't say I approve of what they've done because there was potentially a lot of real-world hurt unleashed. Some things got poked that needed poking; but they could have thought about the collateral damage, is what I'm sayin'.

    Glad it's over. If it is. Suicide notes on the intertubes are worth the paper they're printed on.

  4. Anonymous Coward
    Anonymous Coward

    LOL @ lulz

    script kiddies poke the big dog with a long stick and run away very fast when it wakes up. sad.

    1. Anonymous Coward
      Anonymous Coward

      Re: LOL @ lulz

      And if they kept going untill they got caught.you would call them stupid for not knowing when to quit.

      1. Anonymous Coward
        Flame

        I just call them

        self centred little tits with no empathy who delight in making other people's lives more difficult in order to gratify their pathetic egos...

        1. Graham Wilson
          FAIL

          @A. Coward -- Re: "self centred little tits with no empathy..."

          "self centred little tits with no empathy..." they may be. But it's better to find out security weaknesses now than during an all-out cyber war by a foreign power that has unlimited resources.

          At some future time you may thank Lulzsec for the opportunity to fix things in advance.

      2. Sean O'Connor 1
        Thumb Down

        @ Norfolk 'n' Goode

        I'd call them stupid if they'd kept going and stupid if they'd stopped. They're just stupid little kids. Exposing personal data of ordinary people does nothing except piss off ordinary people.

        1. Anonymous Coward
          Anonymous Coward

          They are stupid...

          Because firstly, they are just a bunch of script kiddies vandalising things. I have yet to see them create anything to improve any part of the world, anywhere. Oh yes, silly me. Talentless little script kiddies can't actually create anything worthwhile, but they can destroy things.

          In response to a previous post; They are also stupid because they did keep going until one of their members got caught. At which point he started helping the police track down the other members so quickly the others panicked and quit. Saying afterwards that they planned to quit after X number of days is something only the gullible or stupid will actually beleive. If they intended to quit after X number of days, they would have announced that at the start.

          £5 says they are shitting themselves at the moment, which trying to delete all the evidence. Unfortunately, the little kiddies have yet to completely grasp the fact that given that they decided to attack servers, logs of their nefarious activities are spread across the planet, held by people who will be delighted to help the police with their enquiries.

          1. This post has been deleted by a moderator

            1. Anonymous Coward
              Anonymous Coward

              Not so easy

              None of my data has been exposed by Lulzsec and yet I still consider them Script Kiddies.

              Downloading and using tools someone else wrote to attack servers, using no personal knowledge other than how to use the toolz. That'd be a Script Kiddie!

      3. david wilson

        @Norfolk 'n' Goode

        >>"And if they kept going untill they got caught.you would call them stupid for not knowing when to quit."

        Unless there's potentially something meaningful to gain from the attempt, poking a dog with a stick is stupid whether or not it's carried on to the point where the dog bites the poker (or someone else).

        Thinking that doing something risky wasn't daft simply because someone got away with it is *classic* immature-male logic.

        Anyway, in this case, it's possible that the dog can wait to bite until *long* after the poking has stopped.

        1. Anonymous Coward
          Anonymous Coward

          @ david wilson

          "Thinking that doing something risky wasn't daft simply because someone got away with it is *classic* immature-male logic"

          As I said nothing of the sort that makes you just another fool who can't read.

    2. David Hicks

      If they are Sk1pt KiDD!355

      Then god help us all, because if script kiddies can do that then think what real talent could do.

      1. This post has been deleted by its author

        1. Graham Wilson
          Mushroom

          @Anonymous Coward -- Another one who's happy with cyber security as it is. Shame!

          Your comment, and similar 'script kiddies' comments in posts by others, are the reasons why cyber security is in such a shambles (and why software generally is in such a mess).

          Fucking hell, can't you understand that none--THAT MEANS NOT ONE--of these major sites should have been vulnerable to script kiddies.

          What you and others are blatantly saying (admitting to) is that major systems can be attacked by amateur script kiddies, yet your only real response is that they're naughty to have done it. Unfortunately, this sloppy unprofessional attitude permeates the IT security industry (and IT generally) and primarily it's the underlying cause of the longstanding IT security problem.

          If bridges were designed to such sloppy engineering standards then there would be deaths every week from bridge collapses. However, unlike the very public lives of bridge designers, those who write the code for security systems, hide their sloppiness and mistakes in the compiled code. Compilation and proprietary (secret code) not only hides mistakes but gives programmers anonymity (and thus after disaster a means to escape the wrath of harmed users). Tell me, in all the publicity about all those systems breached by Lulzsec where were all the names of those responsible for designing and programming them. Correct, there were none. Yet again, unscathed, the true perpetrators have escaped to repeat again and again!

          Perhaps the details of breaches ought to be the subject of a Wikileaks investigation.

          I have considered for quite some time that significant improvements to security systems would result if the designers and programmers were publicly responsible for their code. Programming in Ada and such--where programmers' details are properly logged and embedded in the code module by module--would help to enforce better security. Then, every time a security module was compromised or breached, the name, rank and serial number of the designers/programmer(s)--the perpetrators--would be available for all the world to see. Public disgrace and humiliation not to mention future employment being put in jeopardy would quickly enforce better security standards.

          This is not without precedent either, and it goes back a long way in civil engineering. Take for example the Tay Bridge disaster of 1879 where the bridge designer--the notoriously tight-arsed, cheapskate engineer, Sir Thomas Bouch--cut corners everywhere which resulted in the loss of 75 lives. A subsequent inquiry exposed him when it summed up the bridge as being "badly designed, badly built, and badly maintained". Bouch died in disgrace shortly afterwards. A similar fate befell the famous and very successful bridge designer Leon Moisseiff--the still-standing Manhattan Bridge amongst his achievements--but whose Tacoma Narrows bridge (Galloping Gertie) dramatically failed in 1940. Moisseiff became too cocky and failed to attend to minor but significant details that would have prevented the collapse. He too died in disgrace several yeas later with his wonderful career in tatters.

          Today, any bridge designer knows that a collapse means disgrace, humiliation and end of career. So too should be the fate of the system designers/programmers of large security systems that fail and are breached by hackers.

          If the incessant level of security breaches continue as they have in recent years, then sooner or later legislation will mandate acceptable standards. And rest assured, as with similar legislation elsewhere, it will require the publication of all those involved both with a security system's design along with those involved in its deployment/implementation.

          Seems to me you (and others) wouldn't have publicly expressed this attitude if you'd not been Anonymous Cowards; but, no doubt, you'd still have thought it.

          1. Anonymous Coward
            WTF?

            Twit.

            Young Graham, please could you point towards where I stated that i'm happy with the current security situation?

            Uh, that'll be nowhere then. Just because someone would prefer to call talentless script kiddies by their real title rather than call them hackers (they are only doing it for the ego boost, why give them the gratification?) does not mean that they are happy with the current status quo. Other than the fact that one of those same script kiddies is sitting in a police station. Perfectly happy with that.

            Yours,

            AC.

            1. This post has been deleted by its author

    3. Graham Wilson
      Holmes

      @LOL @ lulz -- Are you really saying all it takes is script kiddies?

      Are you really saying all it takes is script kiddies to wreak such hacoc?

      If so, then security is even in a more chaotic state that I outline in my earlier @ClareCares post.

      Lulzsec's a bit more than script kiddies methinks.

  5. Khaptain Silver badge
    Devil

    Careful Folks

    Ok theyr'e getting out whilst remaining on top, good for them.

    Now ask yourself the following, all of their knowledge, tools and expertise are not suddenly going to disappear. These guys are a little more than just script kiddies.

    They were very public now they will become very private.

    Which is the most dangerous, when you know publically whats going on or ...................The large institutions will no longer be obliged to publish the hacks now..

    I am not convinced that the real damage has even begun.

    1. Anonymous Coward
      Anonymous Coward

      No joke

      QUOTE: "Now ask yourself the following, all of their knowledge, tools and expertise are not suddenly going to disappear. These guys are a little more than just script kiddies"

      A few reg readers seem to believe what they read, are told by the police, see on TV news, and seem arrogant in their comments

      Someone calls them script kiddies and the rest of the reg readers parrot this without any rational thought, i guess it's true, using computers turns users into lobotomised chimps!

      Arrogance is for the Stupid.

      No back to reseting all my passwords

      1. Intractable Potsherd Silver badge

        @AC...

        ... I think you missed the point the OP was making. He was saying that the members of LulzSec are more than mere "script kiddies" and that they may now be more dangerous than they wee before - i.e. he was disagreeing with the use of the term by earlier posters, and putting forward what seems to be your point of view.

      2. Anonymous Coward
        Anonymous Coward

        No, the script kiddies want to be famous "hackers"

        Script kiddies want everybody to consider them hackers for the boost to their ego.

        I have yet to see any evidence to indicate they are anything but script kiddies smashing up random websites using prepackaged attack tools that the creators aren't stupid enough to use themselves,such as LOIC for DDOS's.

        Therefore i'm calling them script kiddies, and I hope everybody else does as well. They don't like that? Good.

        1. Anonymous Coward
          Anonymous Coward

          Script Kiddies

          They were attacking websites using a SQLi tool released by an Iranian Security company. Download it and give it a whirl, it's ridiculously simple to use and requires _NO_ skills at all to use.

          If it finds a vuln it'll try to download the whole database for you.

          They've not even the skills to use something a little more adult like sqlmap.

          They appear to have made use of LOIC as well as botnets.

          Sure, they've a wider skillset than the average internet user but hackers? Please! Anyone here could probably teach a 12 year old to do what they've done using the tools they were using.

        2. This post has been deleted by its author

          1. Anonymous Coward
            FAIL

            Legality be damned eh?

            Run an attack just to prove you can? A little egotistical to say the least!

            Have you even taken a peek at the tools they were using? They are childsplay to use, and anyone with low morals could attack sites with them (assuming of course those sites were vulnerable).

            The creators of the Iranian software do seem to been quite skilled in SQLi, it's a good (if basic) bit of kit. Just because the tool is well made doesn't mean the users have any knowledge.

            Funny, if we were talking about bomb making would you be asking for a practical demonstration?

            1. Anonymous Coward
              FAIL

              Stupid arguments...

              Script kiddies or not, everyone using the 'omg they didn't write their own software' argument is being idiotic. Why would they bother to spend weeks discovering new vulnerabilities and writing their own tools when it's quite clear the sites of large corporations can be screwed over with simple SQL injection? You said it yourself, the tools are already there and easy to use, so why put in more effort to achieve the same result?

              1. Anonymous Coward
                Anonymous Coward

                Think the point is

                Careful research, development of own tools and some basic knowledge is more a hacker trait

                Use of someone elses tools, pandering to the media, little apparent knowledge as to how the tools you are using work is a script kiddie trait.

                Which of the group you fall in probably doesn't matter if you are successful, but those of us who take time to actually _learn_ how things work are often quite proud of that fact. Being lumped in with a bunch of spotty oiks with little (note I don't say no) knowledge because of overuse of the word hacker? Not exactly going to go down well is it?

                The thing is, what they did was childsplay, anyone here could have done it without breaking a sweat. The fact it was so easy to do _is_ a major problem, and companies need to sort themselves out, but Lulzsec have hardly earned the hero status that some people here seem to have elevated them to.

                1. Anonymous Coward
                  Facepalm

                  RE: Think the he point is

                  The reason Lulzsec have their status, regardless of whether you think what they were doing was right or not, is because they actually had the balls to do it. It's all very well saying that it's childs play and that most of us could do it in our sleep but the point is we don't and therefore don't get the status.

                  Also, if you don't want to be lumped in with the Lulzsec lot then describe yourself as something other than a hacker. Like it or not, with it's adoption by the general public it's meaning has changed. It's not the rest of the world's fault you've built your ego around being a 'hacker' and now everyone thinks you're a 16 year old kid, living with his parents, ddos'ing MegaCorp.

  6. Anonymous Coward
    Anonymous Coward

    Coincidence

    Yeah it must just be a coincidence that the alleged leader of Lulzsec gets arrested and then under a week later the group are shutting down.

    That's Lulzsec wiped out. Now they just need to do the same to Anon.

    1. Anonymous Coward
      FAIL

      Admin

      "Yeah it must just be a coincidence that the alleged leader of Lulzsec gets arrested and then under a week later the group are shutting down."

      lol, he was just an admin of a forum, not the leader

    2. Richard 81

      Leader?

      I thought this was just some guy who sort of belongs to the group, rather than anyone important.

      I still suspect they're scuttling under the carpet to avoid the much bigger and more dangerous hacking group that's gunning for them.

      1. Anonymous Coward
        Anonymous Coward

        Just an admin...

        "lol, he was just an admin of a forum, not the leader"

        How many site admins are you aware of that would host a service on their servers and not help run it?

        What is funny is that Lulzsec have packed it all in and thrown in the towel before their latest operation "AntiSec" really gained any ground at all.

        Lets be real here, one of their own got busted and now the media is reporting that he is "helping the Police and FBI with their enquiries"

        Surprise surprise the group goes to ground.

        If this was a planned end of their run then they wouldn't have started AntiSec so close to the end to leave it unfinished for Anon to pick up.

    3. Chris Lovell
      FAIL

      Irony?

      Calling for the demise of Anon, whilst posting anonymously.

      Nothing more to say to that.

    4. Intractable Potsherd Silver badge
      Thumb Down

      There is nothing wrong with Anon.

      They have my unqualified support for letting air and light where it is needed. However, that support could evaporate quickly if it doesn't keep to the apparent code of ethics it has shown so far. LulzSec, on the other hand, didn't show the same balance in what they did, and gave pain to innocent bystanders - they have not had quite the same amount of support from me.

      1. DrXym Silver badge

        Nothing wrong with Anon

        "They have my unqualified support for letting air and light where it is needed. However, that support could evaporate quickly if it doesn't keep to the apparent code of ethics it has shown so far. LulzSec, on the other hand, didn't show the same balance in what they did, and gave pain to innocent bystanders - they have not had quite the same amount of support from me."

        Code of ethics? Anonymous are as bad as Lulzsec. They're in it for the lulz, not because of any deep political beliefs or moral compass. See it for what it is - a bunch of malcontents and juveniles with the power to disrupt websites, usually with some post hoc ergo propter hoc justification for doing it. And many of them lack the sense to see the consequences of their actions either for the sites they attack or ultimately for themselves.

        The funny part is realizing that long after people have forgotten about LulzSec / Anonymous some of these jerks will be stewing in prison. Even the ones who get a slap on the wrist may will have ruined their careers even before they started. And it will serve them right.

        1. CD001

          erm...

          ----

          Anonymous are as bad as Lulzsec. They're in it for the lulz, not because of any deep political beliefs or moral compass. See it for what it is - a bunch of malcontents and juveniles with the power to disrupt websites, usually with some post hoc ergo propter hoc justification for doing it.

          ----

          Erm.... surely anon is just that, anon - could be you, could be me, could by anyone with access to the intertubes... apart from motivation they may not be any different from the teachers going on strike next week - protesting against something they disagree with. ... or not, they're anonymous, who knows *shrugs*

          1. DrXym Silver badge

            Well no

            "Erm.... surely anon is just that, anon - could be you, could be me, could by anyone with access to the intertubes..."

            It could be but it isn't. Just because you don't know the ringleaders doesn't mean there are no ringleaders. Someone writes the tools, someone hosts their chat sites, someone has the crypto keys to start campaigns, someone proposes targets and urls. They're ringleaders - people with the skills and motivation to run attacks. It may be some come and go between particular attacks but there is a continuous thread running through all attacks.

            The smart ones just make sure not to actually participate in the attacks and let some other morons take the fall.

          2. david wilson

            @CD001

            >>"apart from motivation they may not be any different from the teachers going on strike next week - protesting against something they disagree with. ..."

            Not any different at all.

            Apart from the matter of legality, of course.

            And the fact that people going on strike do so openly.

            And the fact that they probably take more time to think about things than a bunch of online teenagers do, and are likely much more aware of the consequences of their actions.

            If the actions of Anonymous are justifiable, they are best justified by looking at the supposed causes of its actions, and their effects, not by making a piss-weak analogy with an radically different scenario, where about the /only/ thing in common is the claim that protest was a *cause* of the Anonymous actions, when to many people, it looks more like an excuse.

            If the actions can't be justified on a standalone basis, then an analogy (even a non-useless one) is pointless.

            If they can be justified on a standalone basis, then an analogy is superfluous.

        2. Bullseyed

          Re DrXyrm

          "Code of ethics? Anonymous are as bad as Lulzsec."

          Since you don't appear to be in the know, LulzSec splintered off of Anon as a result of the HBGary hack. Anon kept some of the emails and data private against the wishes of some of the hackers. Thus they formed their own group determined to act in a 'no holds barred' manner.

          And you all need to realize what this was: a recruitment drive. The new group needs members to become as strong as Anon. They pulled off these high profile acts to get more talent interested in the group and to build up some fanboys to do things like run their IRC.

          1. Anonymous Coward
            Anonymous Coward

            @Bullseyed

            Funnily enough, reading through the IRC logs that's sort of what I figured.

            To me it seemed almost like Lulzsec was some sort of temporary training regime, with Sabu (who has documented links to Anon) taking an almost parental role amongst the (somewhat) erratic others.

            I kinda got the impression Lulzsec was nothing more than a way to train up some fairly naive kids so they could be of more use to (for example) Anon.

      2. david wilson

        @Intractable Potsherd

        >>"They have my unqualified support for letting air and light where it is needed. However, that support could evaporate quickly if it doesn't keep to the apparent code of ethics it has shown so far."

        Didn't they effectively publicise the personal data of the people that ACS:Law was trying to get money from?

        Sure, there was a great deal of incompetence and the bulk of the responsibility on the part of ACS:Law, but that doesn't relieve anyone who assisted in publishing that information of responsibility for their part in any consequences.

        Seems like they were focussed pretty much entirely on causing maximum embarrassment for their target, which, however laudable a goal, can't excuse a lack of concern about possible effects on any number of innocent people.

        I'm not sure that 'the end justifies the means' or even 'If I didn't help publish it, someone else would' are quite what I'd call an 'ethical' philosophy.

        Neither would 'well, it was *really* the fault of his bad data practices'.

        That's rationalisation, not ethics.

      3. Bullseyed
        FAIL

        Re

        "They have my unqualified support for letting air and light where it is needed. However, that support could evaporate quickly if it doesn't keep to the apparent code of ethics it has shown so far. LulzSec, on the other hand, didn't show the same balance in what they did, and gave pain to innocent bystanders - they have not had quite the same amount of support from me."

        I dont like Scientology so that is ok but nothing else is!!!!

        More proof that LulzSec has done nothing wrong.

    5. Ru
      FAIL

      "That's Lulzsec wiped out"

      Golly gee, what with their forum and IRC dude helping the police with their enquiries, I'm sure every last member of lulzsec will be hanging up their hacking hat and never being so naughty again!

      Or, y'know, they'll be back under a different name next week. All the talent is still out there. The only need they have for leadership is someone to point at a target and say 'kill'.

  7. Chad H.
    Joke

    Are we all not sure...

    That this is just another joke.... Seems like something that may be done for the lulz...

  8. JJBurnel
    FAIL

    Cleary’s defense attorney?

    Cleary’s defense attorney? Large fries with that Americana?

  9. Anonymous Coward
    Holmes

    CIA assets...

    ... being redeployed???

  10. Anonymous Coward
    FAIL

    Bye....

    ....now clean up your Mum's basement.

  11. Anonymous Coward
    Thumb Up

    Good.

    Would it be too much to hope that the various government-related orgs that have been embarassed by LulzSec will now sit back and work out why they were so vulnerable and beef up their security to the level it ought to be at, and set an example to us all?

    Anything less and I just don't see how they can expect to move us on to ever closer on-line interaction with them.

    1. Paul 172
      FAIL

      durr?

      "Would it be too much to hope that the various government-related orgs that have been embarassed by LulzSec will now sit back and work out why they were so vulnerable and beef up their BLA BLA BLA BLA...."

      you just dont get it do you? maybe the bbc site might be more your level... hiring a botnet for $50 and ddos'ing a public information page of an organisation isnt hacking that organisation...

      1. Anonymous Coward
        Unhappy

        re : durr?

        (Puzzled by the insulting tone.)

        But for the quote from my post, I would have thought you were reacting to something else. I have no skills in these areas, nor would I want them. I couldn't care less about LulzSec or their motives, but I do care about the sloppiness that they've highlighted.

        The main stories have been how LulzSec have managed to get into various high profile sites and extract information which should have been inaccessible to unauthorised personnel. Those defensive failings are serious in government organisations because they damned-well should know better and they do have the required policies and the resources to implement those policies. If they can't/won't get it right, how can we possibly hope that non-governmental organisations will give a shit?

    2. Bullseyed

      Re

      They'll chase down the group forever instead of improving their security.

  12. Anonymous Coward
    FAIL

    EA Site

    One of the EA sites...

    "Battlefield Heroes is Offline

    Service on the Battlefield Heroes free-to-play site has been temporarily halted while we investigate a security breach. Our investigation is ongoing however it appears that screen names and encrypted passwords associated with an early beta version of Heroes has been compromised. To the best of our knowledge, it appears that no personal data was compromised . no emails, account history, credit card numbers or payment methods. Any further updates will be posted on this page. We apologize for any inconvenience and hope to have the game back online shortly."

    and not ONE email warning members to change their passwords, or that account info is on p2p now!

    Class action EA...

    1. Thomas 4
      IT Angle

      Hey!

      What's more important here - company reputation or someone's personal details?!

      ....

      Oh wait. EA.

    2. Paul Leighton
      Big Brother

      lulzsec 1 EA 0

      My user details were on the list from EA, although the password was md5 encrypted it took about 1 second to reverse that online and reveal the password. Not a word from EA advising its customers about this even when it was clear within seconds of release that their customer logon details have been retrieved from them and released online.

      Very poor EA!!!

      As slightly annoying as it was, its already made me secure things of mine further and make sure I'm using a different password for everything. So at least lulzsec made sure people knew what has been retrieved which is a much better job than EA have done and opens our eyes to show how many times are companies getting hacked and we're not finding out about it!!

    3. BEN10
      WTF?

      Battlefield Heroes

      Yep they admitted responsibility for the Battlefield Heroes hack, not cool guys

      1. Anonymous Coward
        Trollface

        You can't claim bigbro icon for that

        "My user details were on the list from EA, although the password was md5 encrypted it took about 1 second to reverse that online and reveal the password."

        md5 is a checksum. Strike one.

        You don't reverse it. You brute force it with a dictionary until you find the dictionary word you used for a password that generates the same checksum. Strike two.

        "..took about 1 second"? What was your password? "cat"? Strike three.

        What'cha going to change it to -- "dog"?

        Lefthanded troll, that's me.

  13. Anonymous Coward
    Anonymous Coward

    You've missed half the story!!!

    The file they released on TPB turned out to have malware in it, so PirateBay deleted it.

    The Jester has released the personal details of Sabu, the guy seemingly in charge of LulzSec and is still digging.

  14. Stephen McLeod Blythe
    Thumb Down

    JJBurnel got there first...

    defense attorney?

    Any good reason why we used the American term?

  15. Paratrooping Parrot
    Mushroom

    One good thing has come out of this...

    They have publicly exposed many websites' security failings. Many underground hackers would have stolen the data and no one would have been the wiser.

    So, the moral of the story is... Don't use the Internet for shopping. Go back to using cash in physical shops! If you have to use use Internet shopping and the like, then make sure you have excellent memory as you will have to memorise many different passwords for each site.

    There are many more badly designed websites, as long as we hire useless website designers, we will have useless websites.

    1. Anonymous Coward
      Anonymous Coward

      Malware

      "The file they released on TPB turned out to have malware in it"

      Wonder how many journo's have had their machines pwnd by this.....

      But also, is anyone surprised that hackers have released a file with malware in it? Seriously?

    2. Fuh Quit
      Megaphone

      the 50 Days collection

      had some rubbish from AT&T which contained malware, a low impact generic trojan. From the files contained in the rar file, I'd say it was some remote staging kit that they snatched and this had a FP in it. Or even a real trojan.

      The kids probably didn't put that into their torrent. Bless them, they probably have to disable any AV they have to do their "job".....

      1. Anonymous Coward
        Anonymous Coward

        Yup

        Was in the Garbage file so unlikely to be deliberate.

        Funny though, the release and disbandment came just 3 hours after the actual (i.e. not the Cloudflare proxy) IP of both their servers was published.

      2. Matt Bryant Silver badge
        Pirate

        RE: the 50 Days collection

        "....The kids probably didn't put that into their torrent...." Probably an indication that their systems have been compromised in turn, either from using a dodgy proxy, or simply from downloading warez and toolz from infected sites.

  16. Ian Stephenson Silver badge
    Big Brother

    Yeah right...

    We have only their word that they are retiring.

    I'll believe it in 2021 years time if we don't hear from them in the meantime.

  17. Anonymous Coward
    FAIL

    Aspergers? Again? Really?

    Can we not just refer to it as the "McKinnon defence"? It's like the Chewbacca defence but without the exploding head.

    1. system11

      perhaps

      I feel sorry for McKinnon, he didn't hack Nasa maliciously, or to expose personal details, he just wanted to look for little green men. There's no malice there, just a sad naivety.

      1. Robert Carnegie Silver badge

        That's McKinnon's defence, do you believe it?

        I'm angry all over again. I have Asperger's syndrome and assholes like these are giving it a bad name. I assume it isn't particularly difficult to fake it if you've seen [Rain Man], which I haven't.

        I also don't see that McKinnon, even if undiagnosed for a long time, would take to believing in little green men in flying saucers, to an horrific secretive American government effort to cover it up and silence any mention of it, and to it being a good idea to hack the U.S. military computers from his home phone... okay, maybe the last, if he really has it, he could be that stupid. Just about. Not stepping on cracks in the sidewalk yes, not declaring war un Uncle Sam, whoops, didn't think.

        But I think that his flying saucer defence is bullshit. What the hell he actually thought he was doing, I don't know. I look forward to maybe finding out sometime.

        And now another, making it harder for real Asperger's people to get jobs in IT that necessarily involve trust and confidence with private data.

        1. Anonymous Coward
          Anonymous Coward

          Agreed

          I've got Aspergers and yet I seem to know the difference between right and wrong.

          Yes, I get obsessed with strange things and pursue them endlessly but there's a line. The closest I get to not knowing when something is wrong is to not realise that something I do/say is going to upset someone.

          Seriously upsetting someone by accident is something I can't seem to avoid, but it's a league apart from accessing DoD computers and then claiming I didn't know any better!

          1. Anonymous Coward
            Alert

            Aspergers

            It's rather easy to score highly on most Aspergers tests if you hate people and can add up.

            (Brought to you by someone who registers as borderline).

          2. Anonymous Coward
            Anonymous Coward

            @Agreed

            >>"I've got Aspergers and yet I seem to know the difference between right and wrong."

            Agreed again.

            I guess if I'd been evaluated for such when I was younger, I'd have had some sort of Aspergers diagnosis, but I'm not sure I was ever in great doubt about what things were unlawful.

            It's not even a case of making a subjective judgement about what's 'right' and 'wrong', but of simply being aware of what kinds of behaviour are illegal, which seems a much clearer issue.

            For me, rules are far simpler than dealing with opinions, probably one of the main things that attracted me to computers in the first place.

            >>"Seriously upsetting someone by accident is something I can't seem to avoid..."

            I hear *that*, though I very gradually realised that an honestly-earned reputation for socially-incompetent tactlessness does provide some cover for occasional deliberate tactlessness, which can sometimes be very useful.

            1. Anonymous Coward
              Anonymous Coward

              @A/C 12:39

              Thankfully most around me know what I'm like and why I'm like it.

              It's new people that are the problem, and as you say computers are a lot easier in that respect. Had quite a frank discussion with the wife the other day, she said she was a little scared at how detached I can be sometimes!

        2. Anonymous Coward
          Alien

          Are you new to the internet?

          Believing in aliens and government cover-ups is almost mainstream now, where have you been?

        3. Anonymous Coward
          Trollface

          The lameness of claiming Asperger's

          A large proportion of IT people would pass for having it, as some of the symptoms are dead useful in IT. The difference between them and you is that you had a doctor hand you a diagnosis. Like webmd says: "Some traits that are typical of Asperger's syndrome, such as attention to detail and focused interests, can increase chances of university and career success. Many people with Asperger's seem to be fascinated with technology, and a common career choice is engineering. But scientific careers are by no means the only areas where people with Asperger's excel. Indeed, many respected historical figures have had symptoms of Asperger's, including Wolfgang Amadeus Mozart, Albert Einstein, Marie Curie, and Thomas Jefferson."

          Claiming it affects their judgement is asinine -- just because users' sole purpose in life is as a test load doesn't mean any true geek would disrupt the systems that serve them -- after all, we may need them as a test load on another system.

          If you run out of cattle, it's hard to get statistics on Abbatoir 3.3's performance under load...

  18. semprance
    Stop

    Scriddies

    Calling them script kiddies and talking about "MY personal details. MY PERSONAL DETAILS!" just detracts from the point that they have publicly embarrassed numerous companies and shown that they are as equally untrustworthy as LulzSec.

    People are acting like their personal details weren't already at risk. If they were hackable by Lulzsec they were hackable by any other group and so essentially just as at risk.

    There was no break-in on theses sites, just trespassing and entry through an (essentially) open door, and I for one expect companies I make privvy to my personal details to keep the door shut.

    I'm not condoning LulzSec but you're letting EA's suit-and-tie facade mystify you into thinking they aren't in the wrong in some way.

    Don't eat up the bullshit.

    1. Bullseyed

      Re

      This should be posted as an article.

      1. Anonymous Coward
        Trollface

        No, it shouldn't.

        It's a "dog bites man" story.

  19. Mostor Astrakan

    So the 50 days of lulz have finished.

    Now they start doing it for the moniez?

  20. Bunker_Monkey
    FAIL

    One more reason apart from lag

    I shall be uninstalling BH from my PC tonight!

  21. Lamont Cranston
    Meh

    "a revolution that can continue on without us"

    If this is what passes for a revolution, we might as well all give up, as "the man" appears to have already won.

  22. Dave Murray

    agoraphobia?

    I don't think a fear of open spaces is going to be a problem where he's going!

    1. Marcus Aurelius
      Devil

      @Dave Murray: agoraphobia jokes

      For my next act I will promise to read the existing jokes before posting it again

    2. Anonymous Coward
      Headmaster

      Technically....

      It's more a fear of being stuck in places with lots of people (literally "fear of the marketplace") Could be a learned reaction to panic attacks resulting from general anxiety.

      I guess solitary would not be so bad but the free association and mealtimes could be awkward.

  23. Fuh Quit
    Pint

    Looking at their released torrents.......

    .......it really is low-hanging fruit that has largely been plucked by them. If, for example, you find your IP address in their "Silly routers.txt", you can clearly understand that you're sillier than they are.

    And the first thing I did when downloading their torrent is to scan the files with more than one AV engine - I must not have gotten the version with the malware.....plus I'm very careful about what I'm opening - my scope to look at this stuff is very limited and has as yet resulted in no concerns for me or my company....

  24. Matt Bryant Silver badge
    Pirate

    Reality test.

    ".....hiding behind seven proxies....." OK, here's a simple acid test - if you can find info on how to implement a means of avoiding IP detection on common websites, then it is already too well-known to be safe. The majority of proxies are run by hackers or the authorities and have been for years. I really hope the Lulztwits were hiding behind seven proxies at that means at least one of those was probably an FBI/NSA front, and probably more than one was some rather nasty people not intent on "hacking for fun" but on owning their systems and botnets. How do you think the coppers found their IRC admin so fast? Because, despite what many of you want to believe, the coppers are not thick, you are not anonymous online, and they will catch you. The biggest mistake these idiots have made is mixing with other e-crims and bragging, which means other e-crims that turn grass to save their own necks will be able to provide plenty of info to get you sent down. It won't matter how much you claim you have Excusers Syndrome.

    1. Anonymous Coward
      Anonymous Coward

      Funnily enough

      If you read the IRC logs that were published, at least one of them mentions being caught using a public proxy when connecting to various places (mainly IRC AFAICR)

      Suggests they may not have been quite as anonymous as they thought they were.

  25. Anonymous Coward
    FAIL

    EA Look Bad

    I visited Battlefield Heroes to ask why EA didn't inform users it had been hacked.

    within 3 hrs the post was removed, but before that, all news links i posted to the reg and other news sites were removed.

    I've spent ££££££££££££££££'s on EA games over the years, and trusted them,

    but now, i won't trust them after this

    If the hackers had kept quiet about the hack, we would have never known that passwords had been compromised.

    how many hacks have EA had and never told us about?

    EA looks so bad now, EA PR BIG FAIL!

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019